In a recent Comment Letter, CBAI urged the Consumer Financial Protection Bureau (CFPB) to exempt community banks from redundant annual privacy notice requirements because they represent an unnecessary regulatory burden on community banks and information overload for their customers.

CBAI recommended that community banks be exempt from these requirements so long as they delivered their privacy policies when the accounts were opened, the privacy policies have not changed, and the customers do not have the opportunity to opt-out because community banks only share nonpublic personal information with nonaffiliated third parties performing services or functions on their behalf.

If these exemption requirements are met then community banks should only be required to provide their privacy policies on their websites, and in response to in-person, e-mail, telephone, and regular or express mail requests.